Insufficient Logging & Monitoring
Insufficient Logging & Monitoring refers to a lack of logging, a lack of timely alerts about possible security issues, or even logs that are stored only locally. This vulnerability is often a key part of a major attack, including attacks where hackers gain persistent access to a network, because catching an attack early (possibly during a hacker's initial scans) and cutting off access is a key part of preventing such an attack. Logging is also key in incident response (IR) follow-ups, so that companies can discover what occurred, what needs to be fixed, and whether the hacker is still present in the systems. Leaving logging and alerting active during a penetration test or a red team test is a great way to test their effectiveness.
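The following Python example is added here and is not part of the original page. It shows the kind of timely alert described above: it raises one alert per source that produces a burst of 4xx responses in a short window, as an initial scan typically does. The log format, the threshold, the window and the name find_scan_alerts are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 [2024-01-01T10:00:00] "GET /admin HTTP/1.1" 404
203.0.113.7 [2024-01-01T10:00:01] "GET /old HTTP/1.1" 404
198.51.100.4 [2024-01-01T10:00:02] "GET /index.html HTTP/1.1" 200
203.0.113.7 [2024-01-01T10:00:03] "GET /backup HTTP/1.1" 404
203.0.113.7 [2024-01-01T10:00:04] "POST /login HTTP/1.1" 401
203.0.113.7 [2024-01-01T10:00:05] "GET /test HTTP/1.1" 403
198.51.100.4 [2024-01-01T10:05:00] "GET /missing.png HTTP/1.1" 404
"""

# Assumed line format: <source> [<ISO timestamp>] "<request>" <status>
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "[^"]*" (\d{3})$')

def find_scan_alerts(log_text, threshold=4, window=timedelta(seconds=60)):
    """One alert per source that reaches `threshold` 4xx responses within `window`.
    Assumes the lines arrive in chronological order."""
    recent = defaultdict(deque)   # source -> timestamps of recent 4xx responses
    alerted = set()               # sources already reported, to avoid alert floods
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # unparsable line; a real pipeline should count these
        src, status = m.group(1), int(m.group(3))
        ts = datetime.fromisoformat(m.group(2))
        if not 400 <= status < 500:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop errors that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"source": src, "errors": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
    return alerts

if __name__ == "__main__":
    # In production, send these to a central collector rather than printing them,
    # so the record does not exist only on the host that is being probed.
    for alert in find_scan_alerts(SAMPLE_LOG):
        print("ALERT possible scan:", alert)
```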